

SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
To donate by check, phone, or other method, see our More Ways to Give page.


Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
Civil society groups and experts said that "the EU must act now to defend independent oversight, protect fundamental rights, and ensure that spyware abuse in Europe is met with accountability, not impunity."
The European Parliament narrowly voted Monday to hold a debate on spyware after recent revelations that the phone of Stelios Kouloglou, a Greek journalist and former member of the European Parliament, "was repeatedly hacked with NSO Group's Pegasus" while he sat on the body's committee investigating abuses of the technology.
The vote came amid a fresh wave of calls for action. Elina Castillo Jiménez, advocacy and policy adviser for Amnesty International's Security Lab, said in a Monday statement that "the brazen targeting of someone in his position underlines how inadequate the current system is, and is yet another wake-up call that the protections that were put in place to prevent this kind of abuse are still not being implemented in Europe."
"Three years ago, the European Parliament's PEGA Committee, on which Stelios Kouloglou sat, issued clear and detailed recommendations for how to close the gaps that allow this abuse to continue. We are still waiting for implementation. Delaying it sends the wrong message about impunity in the surveillance industry."
Castillo Jiménez argued that "European leaders must find the political will needed to protect people from spyware abuse. An independent and impartial investigation into this attack, together with a roadmap for implementing PEGA recommendations, is urgently needed. If an elected member of parliament is not safe from unlawful surveillance, then no one is."
Amnesty was also part of a Monday joint statement with individual experts and organizations including Access Now, Center for Democracy and Technology Europe, Committee to Protect Journalists, Reporters Without Borders, and more, calling out the European Union for failing "to deliver a meaningful, EU-wide response to the proliferation and abuse of commercial spyware."
Global calls for restrictions on surveillance technology have mounted since the Pegasus Project—an international media consortium led by the media nonprofit Forbidden Stories, with tech assistance from Amnesty—published a 2021 exposé of the Israeli firm's software that was developed to secretly infiltrate mobile phones.
Kouloglou, who left the European Parliament two years ago, was appointed to serve as a substitute member of its PEGA Committee on March 24, 2022. That October, his Apple iPhone was infected with the spyware, according to research released Friday by the Citizen Lab at the University of Toronto in Canada.
The first documented hacking occurred while Kouloglou was at a hospital, where he was visited by Greek journalist Thanasis Koukakis—who, as the Citizen Lab explained, "has worked closely on mercenary spyware issues in Greece, has testified to the PEGA committee, and was himself targeted with Intellexa's Predator spyware."
The following March, as Kouloglou left Athens for Brussels, his phone was again infected with Pegasus. The lab noted that the second hacking happened as he and Koukakis were making tentative plans to meet over WhatsApp, "the PEGA Committee was engaged in intense discussions related to the final drafting process," and PEGA Rapporteur MEP Sophie in 't Veld was in Greece with another committee delegation that questioned Greek officials on the country's scandal involving other spyware.
The forensic analysis also found that "Kouloglou received multiple Apple threat notifications about targeting with mercenary spyware on three occasions: March 2, 2023, August 29, 2023, and April 10, 2024," the lab said. "It is important to note that threat notifications from Apple and other companies are not real-time alerts. They are typically sent to users in batches, often months or more after targeting takes place. Kouloglou reports to us that he did not recall receiving the Apple notifications we observed."
The Citizen Lab acknowledged that "we have no indications that this hacking was the work of the Greek government," though it does appear to be the same operator who targeted seven Russian- and Belarusian-speaking independent journalists and opposition activists based in Europe, whose experiences were detailed in its May 2024 joint report with Access Now.
Although there were some known cases of MEPs being targeted with Pegasus before the European Parliament's panel was created, the lab stressed, "this is the first time a member of the PEGA Committee has been publicly identified as a victim" of this particular spyware while serving on it.
Reuters reported that while NSO did not respond to requests for comment, Apple said the vulnerability referred to in the Citizen Lab report has been patched. The European Parliament told the news outlet that its spyware screening tools had been available to all lawmakers since 2022 and its information technology security services "constantly monitor cybersecurity threats as well as potential cyberattacks against its working environment."
However, that's not enough for critics like In 't Veld, who is also no longer an MEP and pointed out to Politico that hundreds of politicians, including European Parliament President Roberta Metsola, have been targeted by various tech.
"If attempts to target the phone of the president of the European Parliament, or members of the European Commission, does not trigger sufficient reaction, [and] is not enough to break the deadlock, then what is?" she asked
The coalition of groups and tech experts similarly said in their Monday statement: "These incidents all point to a structural failure to adequately and seriously respond to the spyware crisis in Europe. This latest revelation should be treated as a rule of law emergency, threatening the very foundations of our society."
"Europe cannot continue moving from scandal to scandal without consequence. The targeting of a member of the European Parliament involved in investigating spyware abuse should mark a turning point," the coalition said. "The EU must act now to defend independent oversight, protect fundamental rights, and ensure that spyware abuse in Europe is met with accountability, not impunity."
John Scott-Railton, a senior researcher at the lab, told The Guardian last week that "this case is the ultimate irony of Europe's spyware crisis. Someone on the very committee tasked with investigating Pegasus gets infected by it. And what has happened since? The parliament looks the other way when new European spyware abuses emerge."
"I can tell you how the next chapter will go: more hacked parliamentarians," he warned. "In fact, I suspect there are members voting and attending high-level meetings with no idea that their phone has been turned into a spy in their pocket."
Scott-Railton welcomed Monday's vote to hold a debate later this week, and listed some key questions on social media:
In addition to urging investigations by European Union institutions, the Citizen Lab recommended that other members and their staff immediately seek forensic screening of their devices, exercise vigilance for state-sponsored attack warnings, and enable Lockdown mode on iPhones and Advanced Protect for Android.
The commission's upcoming first meeting will focus on "strengthening AI infrastructure, accelerating AI's impact on health, education, food security, and disaster response, and ensuring trust and safety," said its CEO co-chair.
A week after United Nations Secretary-General António Guterres called on artificial intelligence companies to "come clean" about the full costs of power-sucking data centers, and as a UN panel on Wednesday released a report detailing the risks and impacts of AI, Axios revealed the creation of a related commission that's full of Big Tech executives.
"The UN and its International Telecommunication Union (ITU) are convening the AI for Good Global Commission, which will hold its first meeting on July 8 in Geneva, Switzerland," according to the outlet. It will be co-chaired by Salesforce CEO Marc Benioff and Rwandan President Paul Kagame, with other tech and policy leaders joining as members.
So far, Axios reported, they include ITU Secretary-General Doreen Bogdan-Martin, Estonian President Alar Karis, Amazon CEO Andy Jassy, Anthropic co-founder Jack Clark, Cohere co-founder Aidan Gomez, Microsoft president Brad Smith, Nvidia founder and CEO Jensen Huang, and AI and tech policymakers from Kazakhstan, Namibia, Nigeria, Saudi Arabia, and Singapore.
"AI is the most profound technological transition in history. And our values have to guide every step, because responsibility is the core of AI ethics," Benioff said. The commission will bring together "the people who build AI, deploy it, shape policy, and represent communities."
He added that "our inaugural meeting will focus on where this group is uniquely positioned to act together: strengthening AI infrastructure, accelerating AI's impact on health, education, food security, and disaster response, and ensuring trust and safety."
However, given recent polls showing that the public has limited confidence in large technology companies, opposes constructing data centers for artificial intelligence in their local area, is wary of AI’s impact on daily life, and has concerns about politicians having a "cozy relationship" with Big Tech, the commission may be met with skepticism or even backlash.
In the lead-up to the commission's meeting next week at the ITU's AI for Good Global Summit, the UN plans to hold the inaugural Global Dialogue on AI Governance, featuring a presentation of the "Preliminary Report of the Independent International Scientific Panel on Artificial Intelligence," published Wednesday.
Established with a UN resolution last August, the panel is the first global scientific body on AI—and, as Guterres said in a statement about its new report, "the panel is intended to help the world separate fact from fakes, and science from slop."
"We are looking to them to provide an authoritative reference point at a moment when reliable, unbiased understanding of AI has never been more critical," the UN chief explained. "I am pleased to say that they have delivered a down payment on that commitment—in record time."
The panel's co-chair, Canadian computer scientist Yoshua Bengio, noted that "AI capabilities are outpacing both scientific understanding and governments' ability to adapt. With growing evidence of deceptive AI behavior, science currently cannot guarantee that as capabilities continue to increase, AI will not cause catastrophic harm, either on its own or due to malicious users."
"To act effectively, global policymakers must understand these systems," he asserted. "This panel provides exactly that: a rigorous, shared scientific foundation to guide our collective way forward."
The report discusses AI's recent advances and expected trajectories; societal applications, from agriculture to education to healthcare; economic implications; security and environmental concerns; impacts on democracy, human rights, and information; potential harms to child safety and culture; and governance of the rapidly developing technology.
"The technology is transformative, but if the world keeps moving along this trajectory, humanity will fail to realize the gains it promises. The risks—to societies, to security, and to our species—are too high, and the forces driving AI forward are not the forces that will deliver its benefits," said Maria Ressa, a panel's co-chair and Nobel Peace Prize-winning Filipino-American journalist.
Guterres, whose term ends this year, similarly stressed the need for urgent action on a global scale. He said that the "single lesson" he wanted to highlight from the multifaceted report is that "the more AI advances without shared rules, the less say governments and people will have in the outcome. So my message to governments is simple: Do not wait."
"Next week in Geneva, the first Global Dialogue on AI Governance will begin to turn science into shared action—with every nation at the same table," he said. "I look forward to joining member states there to help carry this work forward. And soon, I will set out proposals to help countries build the capacity to adequately deal with this technology—and share in its rewards."
Guterres' Wednesday comments came after he publicly took aim at artificial intelligence companies last week, proposing the AI Environmental Transparency Initiative during London Climate Action Week, as the second heatwave in as many months scorched the United Kingdom and various other European countries, killing at least hundreds of people.
"I am calling on every major AI company to measure and publicly disclose the full environmental impact of its systems—carbon, water, and land footprints—and to commit to power every data center with renewable energy by 2030," he declared. "No more hidden costs. No more shifting the burden onto those least able to bear it."
"Age verification requirements will help the Trump administration carry out its vendetta against the press by creating new avenues to identify journalists’ confidential sources," warned two press freedom advocates.
Opponents of a bill that is purported to protect children online said Monday night, after the legislation passed in the US House, that laws are "urgently" needed to stop Big Tech companies from preying on kids' vulnerabilities.
"The KIDS Act is not that piece of legislation," said Rep. Pramila Jayapal (D-Wash.), who was one of 117 lawmakers who voted against the Kids Internet and Digital Safety (KIDS) Act, which passed with 267 votes, while 47 members of Congress did not vote.
The bipartisan bill requires online platforms to use new safety features and parental controls, restricts the use of minors' personal data to target ads, and establishes new restrictions for AI chatbots and online games.
But ahead of the bill's passage, the Electronic Frontier Foundation (EFF) was among the opponents raising alarm about other provisions "buried inside the KIDS Act" that would "push online services to verify all users’ ages, require government-directed moderation policies for online speech, and even create new rules about private and encrypted communications."
The legislation, drawing from portions of 14 different online safety bills, "is a mess, with different age-gating schemes for different services, using different standards," wrote EFF senior policy analyst Joe Mullin. "It’s a lot of complexity, and a lot of legal risk. Faced with that, many companies will conclude that the safest option is restrictive age-checking practices across their entire platforms."
As Mullin explained:
Throughout the KOSA section of the legislation, special protections, controls, messaging settings, and parental tools are required whenever a website or app “knows or should have known” a user is a child (defined in the bill as anyone under 13) or a teen (defined as anyone between 13 and 16 years old).
The problem is a website operator doesn’t need actual knowledge that a user is a minor to get in legal trouble. It applies when a platform “knows or should have known” a user’s age—a low, negligence-style standard of knowledge. If an online service gets it wrong, it’s going to be up to courts and regulators to decide, after the fact, if an online service “should” have known a user was 16.
To try to avoid liability, services will have to determine which users are teenagers and which are not. Most won’t be able to simply trust their users. They’ll have to collect more information about age, before any lawsuit or government action arises. Some companies may respond by requesting driver's licenses or passports. Others will rely on age-estimation systems that attempt to guess users' ages by looking at existing activity or doing facial scans.
At The Intercept, Caitlin Vogus of the Freedom of the Press Foundation and Aliya Bhatia of the Center for Democracy and Technology’s Free Expression Project warned ahead of the bill's passage that while the legislation is ostensibly meant to protect children, the age verification requirement could impact all users' ability to access social media platforms without revealing their identities—chilling anonymous speech and threatening would-be whistleblowers.
"Threats to online anonymity harm everyone, but one group is often overlooked: journalists and the sources who talk to them," wrote Vogus and Bhatia. "Age verification requirements will help the Trump administration carry out its vendetta against the press by creating new avenues to identify journalists’ confidential sources."
While the KIDS Act says it won't require online platforms to collect government IDs for age verification, they said, "at least some platforms will likely choose this route to comply with the law or offer it as a fallback approach when other methods inevitably fail."
Former Republican congressman Justin Amash, a libertarian, accused the lawmakers who voted "yes" on the legislation of betraying "the Constitution and the American people."
Other opponents of the legislation, including Jayapal, argued that the bill would allow tech companies to continue targeting children with algorithms that send harmful content to the youngest users.
The legislation omits a "duty of care" provision that was included in the Kids Online Safety Act (KOSA), which was passed by the US Senate in 2024—a requirement that tech firms "exercise reasonable care” to prevent harms to children.
Jayapal noted that the bill, which faces an uphill battle in the Senate, leaves "suicide, depression, addiction, substance use disorders, and eating disorders from the list of harms" that tech companies like Meta must address in their algorithms.
The "duty of care" provision has been criticized as too vague by several digital rights groups, while some child safety groups said its omission in the KIDS Act would "let Big Tech off the hook."
"We have seen time and again that these corporations cannot be trusted to put children's safety over their own profit margins," said Jayapal. "We cannot keep exposing our kids to platforms that are either completely indifferent to their safety or a direct threat to it."
The KIDS Act, Jayapal said, also includes provisions "that do not do enough to actually address the harms of" artificial intelligence.
"I voted no," said Jayapal, "because we have a real opportunity to pass bipartisan legislation that holds these companies to not just be transparent about the harms and mitigate them, but to actually prevent them."